GDPR Compliance

The data controller for your personal data is:

AIGENZ
SAS with variable capital from 100 to 100,000 euros
Head office: Office 326, 59 rue de Ponthieu, 75008 Paris, France
SIREN: 943 738 088
Represented by Ismael Ouamlil, President

Contact:
Email: privacy@traject.so
Postal address: AIGENZ - Office 326, 59 rue de Ponthieu, 75008 Paris

In accordance with Article 37 of the GDPR, AIGENZ has appointed a Data Protection Officer (DPO).

DPO responsibilities:

• Ensure compliance with GDPR and data protection laws
• Advise AIGENZ on data protection obligations
• Be the point of contact with the CNIL (French Data Protection Authority)
• Answer your questions about data processing
• Process your rights exercise requests

DPO Contact:
Email: dpo@traject.so
Postal address: DPO - AIGENZ - Office 326, 59 rue de Ponthieu, 75008 Paris

We only collect personal data necessary for providing our services and improving your experience.

Types of data collected:

• Identification data: name, surname, date of birth
• Contact data: email address, phone number
• Professional data: status (freelance/employee), field of activity, experience, career goals
• Connection data: IP address, connection logs, browsing data
• Payment data: banking information (processed by our secure payment provider)
• Cookies and trackers: see our Cookie Policy

For more details, see our Privacy Policy.

In accordance with Article 6 of the GDPR, we process your personal data on the following legal bases:

Contract Performance (Art. 6.1.b)

Processing necessary to provide our services: account creation and management, access to features, billing, customer support.

Consent (Art. 6.1.a)

Marketing communications, newsletters, non-essential cookies. You can withdraw your consent at any time.

Legitimate Interest (Art. 6.1.f)

Service improvement, statistical analysis, platform security, fraud prevention.

Legal Obligation (Art. 6.1.c)

Retention of accounting and tax data in accordance with legal obligations (10 years).

We retain your personal data only for as long as necessary for the purposes for which it was collected:

Data Type	Retention Period
Active user account	Duration of subscription + archives
Unconverted prospects	3 years (CNIL recommendation)
Billing data	10 years (legal obligation)
Connection logs	1 year (legal obligation)
Cookies	13 months maximum
Data after account closure	30 days then deletion

Your personal data is intended for AIGENZ internal services and may be shared with our subcontractors:

• Hosting and infrastructure: Vercel (United States - appropriate safeguards)
• Secure payment: Stripe or equivalent
• Transactional email: email sending providers
• Analytics and performance: Google Analytics (anonymized)
• Customer support: CRM tools

All our subcontractors are subject to strict confidentiality and security obligations by contract. They can only use your data for defined purposes and under our instructions.

8.1 Principle

Your data is primarily processed and stored in the European Union. However, some of our technical providers may be located outside the EU (particularly in the United States).

8.2 Appropriate Safeguards

In accordance with Articles 44 and following of the GDPR, any data transfer outside the EU is governed by appropriate safeguards:

• Standard Contractual Clauses (SCC): approved by the European Commission
• Adequacy decision: for countries recognized as providing adequate protection
• Data Privacy Framework: for certain certified US providers
• Additional security measures: encryption, pseudonymization

8.3 Information and Copies

You can obtain a copy of the safeguards in place for transfers outside the EU by contacting us at: dpo@traject.so

In accordance with the GDPR (Chapter III), you have the following rights regarding your personal data:

• Right of access (Art. 15): obtain confirmation that your data is being processed and receive a copy
• Right to rectification (Art. 16): correct inaccurate or incomplete data
• Right to erasure (Art. 17): request deletion of your data under certain conditions
• Right to restriction (Art. 18): limit the processing of your data in certain cases
• Right to portability (Art. 20): receive your data in a structured, commonly used format
• Right to object (Art. 21): object to processing for reasons relating to your particular situation
• Right to withdraw consent: withdraw your consent at any time for consent-based processing
• Right to define post-mortem directives: define directives regarding the fate of your data after death

10.1 How to Exercise Your Rights?

You can exercise your rights in several ways:

• Directly from your account: privacy settings and personal data
• By email to the DPO: dpo@traject.so
• By postal mail: DPO - AIGENZ - Office 326, 59 rue de Ponthieu, 75008 Paris

10.2 Information Required

To process your request, please provide:

• Your name, surname and email address
• The right you wish to exercise
• A copy of your ID (for verification)

10.3 Response Time

We commit to responding to your request within a maximum of one month from receipt. This period may be extended by two months for complex requests, in which case we will inform you.

10.4 Free of Charge

Exercising your rights is free, except in cases of manifestly unfounded or excessive requests.

In accordance with Article 32 of the GDPR, we implement all appropriate technical and organizational measures to ensure a level of security appropriate to the risks:

Technical Measures

• Data encryption in transit (HTTPS/TLS) and at rest
• Strong authentication and access management
• Firewalls and intrusion detection systems
• Regular encrypted backups
• Security testing and regular audits
• Access logging and monitoring

Organizational Measures

• Confidentiality clauses for all employees
• Regular training in security best practices
• Limited data access (principle of least privilege)
• Security incident management procedures
• Strict contracts with our subcontractors

In accordance with Articles 33 and 34 of the GDPR, in case of a personal data breach likely to result in a high risk to your rights and freedoms, we commit to:

• Notify the CNIL within 72 hours of discovering the breach
• Inform you directly if the breach poses a high risk to you
• Implement all necessary measures to limit the consequences
• Document the incident and measures taken

If you believe that the processing of your personal data does not comply with the GDPR, you have the right to lodge a complaint with the competent supervisory authority:

Commission Nationale de l'Informatique et des Libertés (CNIL)
Address: 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07
Phone: 01 53 73 22 22
Website: www.cnil.fr
Complaint form: cnil.fr/fr/plaintes

However, we encourage you to contact us first so that we can address your concerns directly.

This GDPR page may be updated to reflect changes in our practices or regulations. The date of the last update is indicated at the top of the page.

Substantial changes will be notified to you by email or via a notification on the platform.